What is claimed is:

1. A communication network, comprising:

(A) local communication links,

(B) a plurality of separately located central office switching systems
interconnected via trunk circuits for selectively providing switched call
connections between at least two of the local communication links in
response to predetermined control data messages,

(C) a signaling communication system for two-way communications of said
control data messages between said central office switching systems, said
signaling communication system interconnecting the central office
switching systems;

(D) a signaling gateway, separate from the central office switching systems and
connected to said signaling communications system, said signaling
gateway including an interface connected to a remote communications
network and configured to exchange said control data messages between
said remote communication network and said signaling communication
system, and

(E) a signaling system security monitor, separate from the central office
switching systems, said signaling system security configured to evaluate
an encrypted portion of said control data messages so as to authenticate
corresponding ones of said control messages and, in response, determine
if said control data messages are proper.

2. The communications network according to claim 1 wherein said signaling system
security monitor comprises a certification agent configured to exchange and maintain
encryption key certificates.

3. The communications network according to claim 1 wherein said signaling system
security monitor is configured to issue and decrypt digital time stamps.

4. The communications network according to claim 1 wherein said signaling system
security monitor comprises a digital certificate issuing authority.

5. The communications network according to claim 1 wherein said signaling system
security monitor is configured to selectively communicate said control data messages
between said signaling gateway and said signaling communication system in response
to said encrypted portions of said control data messages.

6. The communications network according to claim 1 wherein said signaling system
security monitor is configured to selectively enable and inhibit said signaling gateway
from exchanging said control data messages between said remote communication
network and said signaling communication system in response to said encrypted portions
of said control data messages.

7. The communications network according to claim 1 wherein said signaling system
security monitor includes a memory storing states of respective ones of said central office
switching systems, said processor additionally responsive to said states for determining
if said control messages are proper.

8. The communications network according to claim 1 wherein said signaling gateway 
is configured to convert SS7 type messages to another packet data format. 

9. The communications network according to claim 10 wherein the other packet data 
format is an Internet Protocol (IP) format. 

10. The communications network according to claim 1 wherein said signaling system 
security monitor is configured to monitor at least one of (i) a destination point code, (ii) 
an originating point code, and (iii) a service indicator. 

11. The communications network according to claim 1 wherein said signaling system
security monitor is configured to monitor at least one of SCCP, ISUP, TCAP, and AIN 
messages. 

12. The communications network according to claim 1 wherein said signaling system 
security monitor is configured to monitor calling and called party address parameters 
contained in SCCP message portions of said control data messages and determine if said 
monitor calling and called party address parameters are consistent with an authorized
signaling relationship. 

13. The communications network according to claim 1 wherein said signaling system 
security monitor is configured to monitor calling and called party address parameters 
contained in an SCCP message portion of said control data messages. 

14. The communications network according to claim 1 wherein said signaling system 
security monitor is configured to monitor origination and designation point codes and 
calling and called party address parameters contained in a TCAP message portion of said
control data messages. 

15. The communications network according to claim 1 wherein said signaling system 
security monitor is configured to monitor origination and destination point codes 
parameters contained in a TCAP message portion of said control data messages and 
determine if a particular destination point code is authorized to send a particular TCAP 
message to a particular destination point code. 

16. The communications network according to claim 1 wherein said signaling system 
security monitor includes a memory storing a state of said communications network. 

17. The communication network according to claim 1 wherein said signaling system 
security monitor includes a memory storing permissible states of said communications
network and rules for transitioning from each of said permissible states to others of said 
permissible states. 

18. The communications network according to claim 1 wherein said signaling system 
security monitor includes a memory storing data relating call progress status with 
respective sets of control messages appropriate to initiate a next action consistent with 
a particular service. 

19. The communications network according to claim 1 wherein said signaling system 
security monitor includes a memory storing a plurality of message templates. 

20. The communications network according to claim 19 wherein said plurality of 
message templates are associated with a plurality of service providers. 

21. The communications network according to claim 20 wherein said signaling system 
security monitor associates each of said control data messages with a corresponding one 
of said service providers and selects one of said message templates in response to the 
corresponding one of said service providers. 

22. The communications network according to claim 1 wherein said signaling system 
security monitor includes a memory storing sets of templates, each of said sets 
corresponding to control messages appropriate to particular call progress flow.

23. The communications network according to claim 22 wherein said templates define
message formats, parameters and values associated with control message types selected
from SCCP, ISUP, TCAP and AIN type messages.

24. The communications network according to claim 22 wherein said signaling system
security monitor is configured to select said sets of templates in response to service
provider authorization data associated with respective ones of said control data messages.

25. A method of securely interfacing control links of respective communication
networks, comprising the steps of:

exchanging control data messages between a remote communication network and
a local signaling communication system;

decrypting a certificate portion of said control messages so as to authenticate
origination point code information;

selectively communicating, in response to said decrypting step, control data
messages between central office switching systems; and

selectively providing switched call connections between at least two of the local
communication links in response to predetermined control data messages.

26. The method according to claim 25 further comprising a step of converting a protocol
of said control data messages between a protocol of said remote communication network
and a protocol of said local signaling communication system.

27. The method according to claim 26 wherein one of said protocols is an SS7 compliant
message protocol.

28. The method according to claim 27 wherein one of said protocols is an Internet
Protocol (IP) format.

29. The method according to claim 25 further comprising a step of monitoring of calling
and called party address parameters contained in SCCP message portions of said control
data messages.

30. The method according to claim 29 wherein said monitoring step includes
determining if said calling and called party address parameters are consistent with an
authorized signaling relationship.

31. The method according to claim 25 further comprising a step of monitoring
origination and designation point codes and calling and called party address parameters
contained in a TCAP message portion of said control data messages.

32. The method according to claim 31 wherein said monitoring step includes monitoring
origination and destination point codes parameters contained in a TCAP message portion
of said control data messages and determining if a particular destination point code is
authorized to send a particular TCAP message to a particular destination point code.

33. The method according to claim 25 further comprising a step of storing a state of said
communications network.

34. The method according to claim 25 further comprising a step of storing (i) permissible
states of said communications network and (ii) rules for transitioning from each of said
permissible states to others of said permissible states.

35. The method according to claim 25 further comprising a step of storing data relating
call progress status with respective sets of control messages appropriate to initiate a next
action consistent with a particular service.

36. The method according to claim 25 further comprising a step of storing a plurality of
message templates.

37. The method according to claim 36 wherein said plurality of message templates are
associated with a plurality of service providers.

38. The method according to claim 37 further comprising steps of:

associating each of said control data messages with a corresponding one of said service
providers; and

selecting one of said message templates in response to the corresponding one of said
service providers.
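
The following Python sketch is an added illustration, not part of the patent text, of the kind of screening recited in claims 10, 15, 17 and 34: a monitor checks the originating point code, destination point code and service indicator against authorized signaling relationships, then checks the message against stored permissible state transitions. The point codes, the `AUTHORIZED` and `TRANSITIONS` tables, the per-circuit state key and all class and function names are assumptions constructed for the example; the state model is a simplified ISUP call flow.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ControlMessage:
    opc: str          # originating point code
    dpc: str          # destination point code
    service: str      # service indicator / message family, e.g. "ISUP"
    msg_type: str     # e.g. "IAM", "ACM", "REL"
    circuit: int = 0  # circuit the call uses (ISUP only)

# Constructed policy: services each (OPC, DPC) pair may exchange.
AUTHORIZED = {
    ("1-1-1", "2-2-2"): {"ISUP"},
    ("2-2-2", "1-1-1"): {"ISUP"},
    ("3-3-3", "2-2-2"): {"TCAP"},
}

# Constructed permissible states and transition rules (simplified ISUP).
TRANSITIONS = {
    ("idle", "IAM"): "setup", ("setup", "ACM"): "alerting",
    ("alerting", "ANM"): "answered", ("setup", "REL"): "releasing",
    ("alerting", "REL"): "releasing", ("answered", "REL"): "releasing",
    ("releasing", "RLC"): "idle",
}

class SecurityMonitor:
    def __init__(self):
        self.state = {}  # (endpoint pair, circuit) -> current call state

    def check(self, m):
        # 1. Is this OPC allowed to send this service to this DPC?
        if m.service not in AUTHORIZED.get((m.opc, m.dpc), set()):
            return "reject: unauthorized signaling relationship"
        if m.service != "ISUP":
            return "accept"
        # 2. Is this message type permitted in the call's current state?
        key = (frozenset((m.opc, m.dpc)), m.circuit)
        nxt = TRANSITIONS.get((self.state.get(key, "idle"), m.msg_type))
        if nxt is None:
            return "reject: message not permitted in current state"
        self.state[key] = nxt  # state advances only on accepted messages
        return "accept"

SAMPLE = [  # constructed message sequence
    ControlMessage("1-1-1", "2-2-2", "ISUP", "IAM", 5),
    ControlMessage("2-2-2", "1-1-1", "ISUP", "ACM", 5),
    ControlMessage("2-2-2", "1-1-1", "ISUP", "RLC", 5),  # no REL seen yet
    ControlMessage("3-3-3", "2-2-2", "ISUP", "IAM", 9),  # only TCAP allowed
]

def demo():
    mon = SecurityMonitor()
    return [mon.check(m) for m in SAMPLE]
```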